Medium severity6.6NVD Advisory· Published Jun 26, 2017· Updated May 13, 2026

CVE-2017-6325

Description

The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time. This file inclusion vulnerability subverts how an application loads code for execution. Successful exploitation of a file inclusion vulnerability will result in remote code execution on the web server that runs the affected web application.

Affected products

Symantec/Messaging Gateway
cpe:2.3:a:symantec:messaging_gateway:*:*:*:*:*:*:*:*
Range: <=10.6.2
Symantec Corporation/Messaging Gatewayv5
Range: All versions prior to version 10.6.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/98890nvdThird Party AdvisoryVDB Entry
www.symantec.com/security_response/securityupdates/detail.jspnvdVendor Advisory
www.securitytracker.com/id/1038785nvd

News mentions

No linked articles in our index yet.

cvss	0.429
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000